Security concerns for all types of processor-based electronic devices, and particularly for computing devices, have become a significant concern. While some concerns may relate to detrimental actions which may be undertaken by defective code implemented by such devices, the greater concerns relate to the ramifications of various types of attacks made upon such devices through malicious code, including code conventionally known in the field by a number of names, including “viruses,” “worms,” “Trojan horses,” “spyware,” “adware,” and others. Such malicious code can have effects ranging from relatively benign, such as displaying messages on a screen, or taking control of limited functions of a device; to highly destructive, such as taking complete control of a device, running processes, transmitting and/or deleting files, etc. Virtually any type of imaginable action on a processor-based device has been the subject of attacks by malicious code.
A number of methodologies have been used in an attempt to reduce or eliminate both the attacks and influence of malicious or defective code. Generally, these methodologies include detection, prevention, and mitigation. Specifically, these methodologies range from attempts to scan, identify, isolate, and possibly delete malicious code before it is introduced to the system or before it does harm (such as is the objective of anti-virus software, and the like), to restricting or containing the actions which may be taken by processes affected by malicious or defective code.
Applications are among the most critical elements of a modern security architecture. While applications provide amazing productivity benefits for users they also have the potential to negatively impact system security, stability, and user data if they are not handled properly. An application may be executed within a restricted operating environment such as a sandbox or virtual machine to prevent the application from accessing any resource beyond the restricted operating environment. In another method, an application may be executed only if the application has been authorized by a trusted source. However, such authorization is typically provided when the application is distributed prior to the execution. However, it does not prevent an application from dynamically loading a library that the application is not entitled to communicate, even if the library may be authorized by the trusted source.